On 11/24/2013 06:20 AM, Emmanuel Dreyfus wrote:
Net_SMTP allows a stream context options to be provided, and this stream context options can be used to enforce CA valdation. It would work like this:
$opts = array( 'ssl' => array( 'verify_peer' => TRUE, 'verify_depth' => 5, 'cafile' => '/path/to_ca_file', ), ); $this->conn = new Net_SMTP($smtp_host, $smtp_port, $helo_host, false, 0, $opts);
I would like to contribute such a change. Obviously, ca_file must be available as a config option (what name?). Is there any comment on the approach?
I propose to add 'smtp_conn_options' option where you could specify the whole options array as above. In comments we should provide an example and link to http://us1.php.net/manual/en/context.ssl.php
I have not looked at the IMAP side: I use imapproxy for connexion caching, and therefore Roundcube is not in charge of TLS.
rcube_imap_generic class does not use stream_context_create() so we'd need more changes here, but that should be quite simple change as the code is already in Net_Socket.